Westminster must do more to fight cybercrime
The government must help SMBs understand the evolving e-crime threat, says Fred Touchette
The House of Commons has released the Home Affairs Committee Report on E-Crime, a comprehensive assessment of the UK's efforts to combat all forms of online criminal activity. The committee deserves great credit for taking on such a wide array of topics – from terrorism to child pornography to cyberbullying and more.
However, one subject in particular deserves deeper consideration than the committee members could give it.
I'm talking about the need for businesses, especially SMBs, to do more to protect their networks and the customer data that may be housed on them. Rather than saddle these companies with onerous regulations and new reporting requirements, however, a much more appropriate and effective approach would be to arm them with the information they need to make good decisions about their internal security.
As someone who works on a daily basis with such businesses, I can tell you first hand that most don't realise how much online threats have evolved in the past few years.
For example, email was once the primary delivery vector for malware. Cybercrooks counted on unwitting recipients to enter personal information such as credit card or bank account numbers. With the widespread adoption of spam and virus filtering and a healthy dose of public awareness, most such efforts fool very few people these days.
Hackers and scammers know this of course and they have adjusted their tactics accordingly. We witnessed a great example after the birth of young Prince George.
Spammers used very sophisticated and professionally crafted messages that had the look and feel of legitimate CNN news alerts. They asked for no personal information and instead carried links to compromised websites.
Clicking on one of those links was enough to download an exploit that would allow a hacker to remotely install a malicious payload later. At best, the computer would simply become part of a botnet. At worst, it could be made to send sensitive information such as bank account or credit card data to the hacker's server.
That could be disastrous for most SMBs, but even the ones that do understand the problem are not always willing to address it. Many believe their companies are too small for hackers to target.
Some do not perceive the risk is great enough to warrant the extra precautions that would keep them safe. Both perceptions are dead wrong and the Home Affairs Committee would do well to help change them.
The best course of action in the short term is awareness. I recommend the government makes a concerted effort to educate SMBs – which make up the vast majority of UK businesses – about the changing nature of online threats.
This way, these companies can equip themselves with the protection they need to serve as a first line of defence against cyberattacks.
Attacks against businesses are but one small part of the world of e-crime, but the money generated helps fuel many other illicit online activities. Striking a blow against the former will be an important step in preventing the latter.
Fred Touchette is a senior security analyst at AppRiver